The object of the invention relates to how a cellular radio system is able to identify a terminal using a false identity.
In cellular radio systems there are known different identifiers with which the system is able to identify a specific user or a specific terminal. This patent application treats as examples particularly the IMEI code (International Mobile Equipment Identifier) used to identify the equipment part of the terminal, the IMSI code (International Mobile Subscriber Identifier) and the GSM cellular radio system (Global System for Mobile telecommunications). A terminal in the GSM system is for short called MS (Mobile Station) and it comprises a SIM card (Subscriber Identity Module) intended to identify the user and the actual equipment, which is abbreviated ME (Mobile Equipment). Each ME has its own IMEI code which is permanently stored in the equipment and which is intended to act as an unambiguous identifier of the equipment. The length of the IMEI code is 15 characters, and it comprises a Type Approval Code (TAC) of six characters, a Final Assembly Code (FAC) of two characters, the equipment serial number of six characters, and one spare character.
The GSM system specifications GSM 02.16 and GSM 03.03 define how the IMEI code is used to identify the equipment part of the terminals. The purpose is that both single cellular systems and certain registers common to different systems contain knowledge of which IMEI codes correspond to legally used equipment and which equipment must be denied service, either due to a illegal origin of the equipment or due to a fault typical to a specific equipment type. The register containing operational information about the equipment is generally called EIR (Equipment Identity Register) and such registers can be located in a mutual hierarchy, so that an EIR register of a single cellular radio system is located on the lowest hierarchy level, and on a higher level there is an EIR register which the systems use in common. The co-operation body. GSM MoU (GSM Memorandum of Understanding) founded by GSM operators has developed a central register known as CEIR (Central EIR). In order to group equipment into legal and illegal equipment a register of the EIR type contains three lists, which are the white list, the black list and the grey list. The white list contains information about which IMEI codes correspond to equipment used legally, and the black list tells which IMEI codes correspond to xe2x80x9cforbiddenxe2x80x9d equipment. The grey list can be used as a transitional stage between the white list and the black list, if for instance a specific equipment type causes some interference in the network operation, but not so much that equipment of this type should be put directly on the black list.
However, the cloning of IMEI codes has become a problem. Even if the aim has been to make IMEI code falsification difficult, it has turned out that dishonest quarters can copy an IMEI code from one device to another. In a typical case the IMEI code of a legal device is copied or xe2x80x9cclonedxe2x80x9d into a device which is stolen or can otherwise be considered illegal, whereby the illegal device can be used so that its use can not be prevented by the system. A GSM mobile phone can also call certain emergency numbers without a SIM card, whereby a dishonest user by changing the IMEI code can ensure that it is not possible to prevent or trace malicious emergency calls which he makes.
The cellular radio system can check the IMEI code of terminals in radio connection with the base stations according to a certain routine defined in the system specifications. In the GSM system there is defined a so called RIL3-MM IDENTITY REQUEST message (RIL3=Radio Interface Layer 3; MM=Mobility Management), and by sending this message the system can request the terminal to present its IMEI code or another corresponding identifier. The terminal responds by sending a so called RIL3-MM IDENTITY RESPONSE message, which contains the identifier requested by the system. In principle the system can transmit said message regularly, always at the beginning of an active operating period or RR session, but in practice this is made less frequently in order to reduce signalling requirements. The IMEI code is generally not used to establish calls or to monitor user movements, because regarding the network operation and call charging it is more important to identify the user (or the subscription used by the user). For user identification it is possible to use the IMSI code given to the user, but in order to protect the user""s privacy it is preferred to use the TMSI code (Temporary Mobile Subscriber Identifier), which is provided by a specific register in that part of the cellular radio system where the user is operating.
A disadvantage of prior art methods is that they assume that at least one operator knows the IMEI code of an illegal user operating within the system. Due to the cloning method an illegal device can during operation use the IMEI code of a legal device. According to prior art it is impossible to identify the illegal terminals on the basis of the IMEI codes if the operator responsible for the system operation does not know which IMEI codes have been cloned from legal devices into illegal devices.
The object of the present invention is to present a method which is able to identify devices using a cloned IMEI code or a corresponding identifier. An object of the invention is also to present a cellular radio system realising the method according to the invention.
The objects of the invention are attained by monitoring at how long intervals a terminal reports its IMEI code or corresponding identifier to a central of the cellular radio system. An exceptionally short report interval will reveal a cloned code.
The method according to the invention is characterised in that in this method a regularly transmitted message received from the terminal is attached to the code describing the terminal, and that the terminal is considered to be identified when the period between two successive messages of said kind attached to the describing code is shorter than a predetermined time-out.
An object of the invention is also a cellular radio system and a mobile telephone exchange which are characterised in that they are arranged to attach a regularly transmitted message, which is received from a terminal, to a code representing the terminal, and that they indicate such a terminal as an identified terminal, for which the period between two successive messages of said kind attached to the describing code is shorter than a predetermined time-out.
In cellular systems there is known a method where the terminals regularly report to the system their location in a certain location area. According to the invention the system is able to monitor how long time has passed since a specific terminal last time reported its location. If the location reports should arrive at regular intervals, and if a location report relating to an IMEI code or any other unambiguous identifier arrives earlier that expected, then said identifier is used by at least two devices. In systems where the desired identification report is not automatically related to regular location reports, it is possible to add a feature according to which the system requests the terminal to present said identifier at least in connection with certain location reports.
The system can respond in many different ways when it has identified a specific terminal on the basis of a suspicious IMEI code or a corresponding identifier used by this terminal. One possibility is to immediately bar said terminal from the service provided by the system, whereby a fraudulent user can get only a minimal profit with the illegal device. If the illegal terminal is able to receive text messages (SMS, Short Message Services), it is possible to send it a message, which tells the user why this device can not anymore be connected to the system. Another alternative is to transmit information about a detected suspicious identifier to the terminal, and in this connection to request the device to be brought to an authorised service shop for control. This message can include a time limit before which the control should be made so that the device would not be barred from services provided by the system. A person skilled in the art can easily present more alternative actions. The invention does not limit the manner in which the system should respond to the detection of a suspicious identifier.